authorMartin Willi <martin@revosec.ch>2010-09-03 18:24:03 +0200
committerMartin Willi <martin@revosec.ch>2010-09-03 18:24:03 +0200
commit4e68c1cfdc31891d74789390c5834b762a705783 (patch)
tree903195801741c1e1f93ad804f93b2d039906a4ad /src
parent4254257f9d8da77c2d9846c6956873a19a428283 (diff)
Do not propose (EC)DHE suites if we do not support them
Diffstat (limited to 'src')
-rw-r--r--src/libtls/tls_crypto.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 2fb5a1feb..49ee88def 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -625,7 +625,9 @@ static void filter_suite(private_tls_crypto_t *this,
!current.encr || current.encr == suites[i].encr) &&
(!current.mac || current.mac == suites[i].mac) &&
(!current.prf || current.prf == suites[i].prf) &&
- (!current.hash || current.hash == suites[i].hash))
+ (!current.hash || current.hash == suites[i].hash) &&
+ (suites[i].dh == MODP_NONE ||
+ !current.dh || current.dh == suites[i].dh))
{
suites[remaining] = suites[i];
remaining++;
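Review bot: The `suites[i].dh == MODP_NONE` exemption on the added lines only takes effect if this condition is evaluated at least once per suite. If the test sits inside the loop over registered algorithms, as the use of `current` suggests, a build with no Diffie-Hellman implementation registered would get nothing from `create_dh_enumerator`, and every suite would be dropped, including the non-(EC)DHE ones the commit means to keep. That loop starts outside the hunk, so this needs confirming against the full body of filter_suite. If it holds, suites with `MODP_NONE` should be kept in the DH pass before the enumerator is consulted. In either case a comment such as `/* suites without a DH group always pass the DH filter; !current.dh is true in the non-DH passes */` would make the reliance on a zero `current.dh` explicit.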
@@ -712,6 +714,8 @@ static void build_cipher_suite_list(private_tls_crypto_t *this,
lib->crypto->create_prf_enumerator);
filter_suite(this, suites, &count, offsetof(suite_algs_t, hash),
lib->crypto->create_hasher_enumerator);
+ filter_suite(this, suites, &count, offsetof(suite_algs_t, dh),
+ lib->crypto->create_dh_enumerator);
free(this->suites);
this->suite_count = count;